Monthly Archives: October 2019

vRealize Easy Installer Walk-through Guide

With the recent release of VMware vRealize Suite Lifecycle Manager 8.0 and vRealize Automation, also comes a new deployment tool called vRealize Easy Installer.  The Easy Installer is a tool that streamlines and helps you install vRealize Suite Lifecycle Manager, VMware Identity Manager, and optionally, vRealize Automation via a simple and clean UI.  

The three packages are contained within a single ISO file call VMware vRealize Suite Lifecycle Manager 8.0.0 Easy Installer.  The ISO can be found within the vRealize Suite Download page in the My VMware portal.   Selecting either vRealize Suite Lifecycle Manager or vRealize Automation will take you to the same 9GB ISO download. vIDM still has it’s own individual download if you want/need it.

The Easy Installer is compatible with Linux, Windows, and Mac, which should make it very accessible to a large audience.  I decided to give it a try out and detail the process below.  It’s a rather simple process to follow as long as a few prerequisites specific to the Installer are met first.

On the Memory front, LCM and vIDM both require 2 vCPUs and 6 GB of memory. vRealize Automation on the other hand will require, for a Standard install, 8 vCPUs and 32 GB Memory. You can times that by three for a Clustered install. If you enable Thin Disk provisioning, 75 GB min storage will be required. Finally DNS records for LCM, vIDM, and optionally vRA if being installed, need to be created first.

In the below process I use Windows 10 as the client source I install from.   

To access the installer we need to right click the ISO file and select mount.  This will mount the ISO as a drive in Windows.  We can then navigate to \vrlcm-ui-installer\win32 (If you were on Linux or Mac this path would be different). Then select installer.exe to start the Installer UI.

Step 1. Select Install
Step 2. Introduction -- Click Next
Step 3. EULA -- Accept terms and CEIP then click Next
Step 4. Appliance Deployment Target -- Enter in vCenter details and click Next
Step 5. Certificate Validation — Accept any warnings and click Next
Step 6. Select a Location -- Select a Datacenter and click Next
Step 7. Select a Compute Resource -- Select a Cluster and click Next
Step 8. Select a Storage Location -- Select a Datastore and optionally Enable Thin Disk Mode and click Next
A warning will display if you click Next and there is insufficient disk space. You will need a minimum of 75 GB for a Thin Disk install
Step 9. Network Configuration -- Enter in global networking details for the install of all products. Optionally enter in NTP settings. Only static IP assignment is possible.
Step 10. Password Configuration -- Enter in a default root/admin password to be assigned to all products
Step 11. Lifecycle Manager Configuration -- Enter in LCM details and click Next
If a VM with the same name is found in vCenter when you click Next you will receive a warning
Step 12. Identity Manager Configuration -- Enter in the vIDM details. Optionally enable the Sync Group Member to the Directory
Do not use admin/sshuser/root when selecting a Default Configuration Admin account name.
Step 13. vRealize Automation Configuration -- Choose to install vRA 8. Standard Deployment will deploy one vRA 8 server. Cluster Deployment will deploy three. The License Key will not be validated at this stage so confirm it is correct.
Step 14. Summary -- Verify all installation parameters and click Submit
If there are any issues during installation the install will fail and you will have the option to download the logs to troubleshoot the issue. Make sure all your DNS settings are correct and the client you are installing from can validate those DNS settings.
A successful install will look similar to this

Have I Been Pwned PowerShell Module v3

Over the last few years I’ve written I few posts on a PowerShell module I created that allows users to directly talk to the Have I Been Pwned API service (https://haveibeenpwned.com) that Troy Hunt maintains. While those posts are a little old now, they are still a good read on what this PowerShell Module is about. I encourage you to read them if you are interested (links at the bottom).

A few months back Troy made a big change to the way his API service works by requiring authorisation in the form of an API key. This broke a lot of different scripts and services the community have created that leveraged his service, including my own PowerShell module. Troy has discussed at length why he has decided to take these steps. I won’t bother going into it here. Authentication and the Have I Been Pwned API

Shortly after this change took effect I received a number of comments from the community that my PowerShell module didn’t work anymore. One or two even said that it was failing because I wasn’t providing an API key with the module. So I wanted to spend a few minutes to explain some of the new changes in the way the latest version of the Have I Been Pwned PowerShell module works. And what you need to do if you want to use it.

Firstly I decided to version increment the PowerShell module from the previous latest version of v1.4.2 to v3 to match the API version used by HIBP. (Version 2 was a short lived version up on my GitHub page)

Now for the big breaking change. Where applicable, all the URIs in the module have been updated to the v3 API. And again, where applicable, have had a header added to them to include a hibp-api-key value/token. Not all URI endpoints require an API Key. Generally speaking if you want to check for a pwned email address you will need an API key.

So how does this work?
The two functions that require an API key to be specified are Get-PwnedAccount and Get-PwnedPasteAccount. In the past you would have typed something like --

Get-PwnedAccount -EmailAdddress [email protected]

This would have returned all breached instances of sites that this email address would have been compromised in. In version 3 you now require the use of an API key to do the same thing.

Get-PwnedAccount -EmailAdddress [email protected] -apiKey "hibp-api-key"

So in this above example you can input your API key directly in the command. Or you could store it in a variable and call it at a later stage in the command. For example

$myApiKey = "xxxxxxxxxxxxx"
Get-PwnedAccount -EmailAdddress [email protected] -apiKey $myApiKey 

If you also really wanted to, you could hard code your API key in the parameters section of these scripts. Certainly not recommended but the choice is yours.

So where do I get this API key?
To make it clear, not from this PowerShell module or from me. You will need to go to Troy Hunt’s site (https://haveibeenpwned.com/API/Key) and purchase one.

Once you do you, this will be yours, or your organisation’s, own personal key that you do not share out. How you protect it and how you want to use it will be up to you.

Where can I download the PowerShell Module?
PowerShellGallery: https://www.powershellgallery.com/packages/HaveIBeenPwned/
GitHub: https://github.com/originaluko/haveibeenpwned

Previous Posts
HaveIBeenPwned PowerShell Module
HaveIBeenPwned PowerShell Module Updates